[Timelines T-Grid] Changed formatting of the timeline data to parse all nested objects under the "kibana.alert.rule.parameters" (#136908)

* [Timelines T-Grid] Changed formatting of the timeline data to parse all nested objects under the "kibana.alert.rule.parameters"

* Excluded some of the alert params fields from parsing, as expected by the design

* [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix'

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Yuliia Naumenko 2022-07-22 11:07:06 -07:00 committed by GitHub
parent 72627fd771
commit 6911d5a7c4
3 changed files with 311 additions and 11 deletions


@ -120,14 +120,66 @@ describe('Events Details Helpers', () => {
},
{
category: 'kibana',
field: 'kibana.alert.rule.parameters.criteria',
isObjectArray: true,
originalValue: [
'{"metric":"cpu","comparator":">","threshold":[3],"timeSize":1,"timeUnit":"m","customMetric":{"type":"custom","id":"alert-custom-metric","field":"","aggregation":"avg"}}',
],
values: [
'{"metric":"cpu","comparator":">","threshold":[3],"timeSize":1,"timeUnit":"m","customMetric":{"type":"custom","id":"alert-custom-metric","field":"","aggregation":"avg"}}',
],
field: 'kibana.alert.rule.parameters.criteria.metric',
isObjectArray: false,
originalValue: ['cpu'],
values: ['cpu'],
},
{
category: 'kibana',
field: 'kibana.alert.rule.parameters.criteria.comparator',
isObjectArray: false,
originalValue: ['>'],
values: ['>'],
},
{
category: 'kibana',
field: 'kibana.alert.rule.parameters.criteria.threshold',
isObjectArray: false,
originalValue: ['3'],
values: ['3'],
},
{
category: 'kibana',
field: 'kibana.alert.rule.parameters.criteria.timeSize',
isObjectArray: false,
originalValue: ['1'],
values: ['1'],
},
{
category: 'kibana',
field: 'kibana.alert.rule.parameters.criteria.timeUnit',
isObjectArray: false,
originalValue: ['m'],
values: ['m'],
},
{
category: 'kibana',
field: 'kibana.alert.rule.parameters.criteria.customMetric.type',
isObjectArray: false,
originalValue: ['custom'],
values: ['custom'],
},
{
category: 'kibana',
field: 'kibana.alert.rule.parameters.criteria.customMetric.id',
isObjectArray: false,
originalValue: ['alert-custom-metric'],
values: ['alert-custom-metric'],
},
{
category: 'kibana',
field: 'kibana.alert.rule.parameters.criteria.customMetric.field',
isObjectArray: false,
originalValue: [''],
values: [''],
},
{
category: 'kibana',
field: 'kibana.alert.rule.parameters.criteria.customMetric.aggregation',
isObjectArray: false,
originalValue: ['avg'],
values: ['avg'],
},
{
category: 'kibana',
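Review bot: The new expectations only pin the case of a `criteria` array with a single element, so each flattened entry (`kibana.alert.rule.parameters.criteria.metric`, `…criteria.threshold`, and so on) carries exactly one value. With two criteria the same dotted field would presumably collect both values and the association between a given metric and its threshold would be lost in the flattened output; that is the behaviour a reader of this test most needs to know, and nothing here documents it. Add a second criterion to the fixture in this test and in the new `formatTimelineData` inventory-rule test further down, and assert whatever the flattening produces for it (for example `values: ['cpu', 'memory']`, if that is indeed the result), so the merging is an explicit contract rather than an accident of a one-element fixture.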


@ -14,6 +14,7 @@ import { experimentalRuleFieldMap } from '@kbn/rule-registry-plugin/common/asset
import { EventHit, TimelineEventsDetailsItem } from '../search_strategy';
import { toObjectArrayOfStrings, toStringArray } from './to_array';
export const baseCategoryFields = ['@timestamp', 'labels', 'message', 'tags'];
const nonFlattenedFormatParamsFields = ['related_integrations', 'threat_mapping'];
export const getFieldCategory = (field: string): string => {
const fieldCategory = field.split('.')[0];
@ -42,7 +43,8 @@ export const isGeoField = (field: string) =>
field.includes('geo.location') || field.includes('geoip.location');
export const isRuleParametersFieldOrSubfield = (field: string, prependField?: string) =>
prependField?.includes(ALERT_RULE_PARAMETERS) || field === ALERT_RULE_PARAMETERS;
(prependField?.includes(ALERT_RULE_PARAMETERS) || field === ALERT_RULE_PARAMETERS) &&
!nonFlattenedFormatParamsFields.includes(field);
export const getDataFromFieldsHits = (
fields: EventHit['fields'],
@ -73,9 +75,10 @@ export const getDataFromFieldsHits = (
// return simple field value (non-ecs object, non-array)
if (
!isObjectArray ||
Object.keys({ ...ecsFieldMap, ...technicalRuleFieldMap, ...experimentalRuleFieldMap }).find(
(Object.keys({ ...ecsFieldMap, ...technicalRuleFieldMap, ...experimentalRuleFieldMap }).find(
(ecsField) => ecsField === field
) === undefined
) === undefined &&
!isRuleParametersFieldOrSubfield(field, prependField))
) {
return [
...accumulator,
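Review bot: The new `!nonFlattenedFormatParamsFields.includes(field)` clause in isRuleParametersFieldOrSubfield compares what appears to be the bare key at the current nesting level (the dotted prefix travels in `prependField`), so `threat_mapping` or `related_integrations` stays unflattened at any depth under the parameters object, not only as a direct child, and nothing in the code says why these two are exempt. A comment on the constant would keep the next reader from "fixing" it: `// Parameter sub-objects rendered from their JSON string instead of being flattened into dotted fields (by design); matched on the key name at whatever depth it appears.` The same comment could note that every other object under kibana.alert.rule.parameters is now recursed without a depth bound, since the parameters are whatever the rule author stored; if deep nesting is a concern a depth limit belongs in getDataFromFieldsHits, whose body continues past the end of the last hunk. In that hunk the reworked condition would read more easily with the lookup hoisted into a named boolean before the `if`, e.g. `const isKnownSchemaField = Object.keys({ ...ecsFieldMap, ...technicalRuleFieldMap, ...experimentalRuleFieldMap }).includes(field);` followed by `if (!isObjectArray || (!isKnownSchemaField && !isRuleParametersFieldOrSubfield(field, prependField))) {`.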


@ -215,4 +215,249 @@ describe('formatTimelineData', () => {
},
});
});
it('should properly format the inventory rule signal results', async () => {
const response: EventHit = {
_index: '.internal.alerts-observability.metrics.alerts-default-000001',
_id: '3fef4a4c-3d96-4e79-b4e5-158a0461d577',
_score: null,
fields: {
'kibana.alert.workflow_status': ['open'],
'kibana.alert.status': ['active'],
'kibana.alert.rule.uuid': ['15d82f10-0926-11ed-bece-6b0c033d0075'],
'kibana.alert.reason': [
'CPU usage is 37.8% in the last 1 day for gke-edge-oblt-pool-1-9a60016d-7dvq. Alert when > 10%.',
],
'kibana.alert.rule.producer': ['infrastructure'],
'kibana.alert.rule.consumer': ['infrastructure'],
'kibana.alert.rule.category': ['Inventory'],
'kibana.alert.start': ['2022-07-21T20:00:35.848Z'],
'kibana.alert.rule.rule_type_id': ['metrics.alert.inventory.threshold'],
'event.action': ['active'],
'kibana.alert.duration.us': [9502040000],
'@timestamp': ['2022-07-21T22:38:57.888Z'],
'kibana.alert.instance.id': ['gke-edge-oblt-pool-1-9a60016d-7dvq'],
'kibana.alert.rule.name': ['test 1212'],
'kibana.alert.rule.execution.uuid': ['37498c42-0190-4a83-adfa-c7e5f817f977'],
'kibana.alert.uuid': ['3fef4a4c-3d96-4e79-b4e5-158a0461d577'],
'kibana.space_ids': ['default'],
'kibana.version': ['8.4.0'],
'event.kind': ['signal'],
'kibana.alert.rule.parameters': [
{
sourceId: 'default',
nodeType: 'host',
criteria: [
{
comparator: '>',
timeSize: 1,
metric: 'cpu',
threshold: [10],
customMetric: {
aggregation: 'avg',
id: 'alert-custom-metric',
field: '',
type: 'custom',
},
timeUnit: 'd',
},
],
},
],
},
sort: ['1'],
};
expect(
await formatTimelineData(
[
'kibana.alert.status',
'@timestamp',
'kibana.alert.duration.us',
'kibana.alert.reason',
'*',
'kibana.alert.duration.us',
'kibana.alert.evaluation.threshold',
'kibana.alert.evaluation.value',
'kibana.alert.reason',
'kibana.alert.rule.category',
'kibana.alert.rule.name',
'kibana.alert.status',
'kibana.alert.uuid',
'kibana.alert.start',
'@timestamp',
'kibana.alert.workflow_status',
'kibana.alert.rule.uuid',
'kibana.alert.rule.producer',
'kibana.alert.rule.consumer',
'kibana.alert.rule.rule_type_id',
'event.action',
'kibana.alert.instance.id',
'kibana.alert.rule.execution.uuid',
'kibana.space_ids',
'kibana.version',
'event.kind',
'kibana.alert.rule.parameters',
],
TIMELINE_EVENTS_FIELDS,
response
)
).toEqual({
cursor: {
tiebreaker: null,
value: '',
},
node: {
_id: '3fef4a4c-3d96-4e79-b4e5-158a0461d577',
_index: '.internal.alerts-observability.metrics.alerts-default-000001',
data: [
{
field: 'kibana.alert.rule.consumer',
value: ['infrastructure'],
},
{
field: '@timestamp',
value: ['2022-07-21T22:38:57.888Z'],
},
{
field: 'kibana.alert.workflow_status',
value: ['open'],
},
{
field: 'kibana.alert.reason',
value: [
'CPU usage is 37.8% in the last 1 day for gke-edge-oblt-pool-1-9a60016d-7dvq. Alert when > 10%.',
],
},
{
field: 'kibana.alert.rule.name',
value: ['test 1212'],
},
{
field: 'kibana.alert.rule.uuid',
value: ['15d82f10-0926-11ed-bece-6b0c033d0075'],
},
{
field: 'event.action',
value: ['active'],
},
{
field: 'event.kind',
value: ['signal'],
},
{
field: 'kibana.alert.status',
value: ['active'],
},
{
field: 'kibana.alert.duration.us',
value: ['9502040000'],
},
{
field: 'kibana.alert.rule.category',
value: ['Inventory'],
},
{
field: 'kibana.alert.uuid',
value: ['3fef4a4c-3d96-4e79-b4e5-158a0461d577'],
},
{
field: 'kibana.alert.start',
value: ['2022-07-21T20:00:35.848Z'],
},
{
field: 'kibana.alert.rule.producer',
value: ['infrastructure'],
},
{
field: 'kibana.alert.rule.rule_type_id',
value: ['metrics.alert.inventory.threshold'],
},
{
field: 'kibana.alert.instance.id',
value: ['gke-edge-oblt-pool-1-9a60016d-7dvq'],
},
{
field: 'kibana.alert.rule.execution.uuid',
value: ['37498c42-0190-4a83-adfa-c7e5f817f977'],
},
{
field: 'kibana.space_ids',
value: ['default'],
},
{
field: 'kibana.version',
value: ['8.4.0'],
},
{
field: 'kibana.alert.rule.parameters.sourceId',
value: ['default'],
},
{
field: 'kibana.alert.rule.parameters.nodeType',
value: ['host'],
},
{
field: 'kibana.alert.rule.parameters.criteria.comparator',
value: ['>'],
},
{
field: 'kibana.alert.rule.parameters.criteria.timeSize',
value: ['1'],
},
{
field: 'kibana.alert.rule.parameters.criteria.metric',
value: ['cpu'],
},
{
field: 'kibana.alert.rule.parameters.criteria.threshold',
value: ['10'],
},
{
field: 'kibana.alert.rule.parameters.criteria.customMetric.aggregation',
value: ['avg'],
},
{
field: 'kibana.alert.rule.parameters.criteria.customMetric.id',
value: ['alert-custom-metric'],
},
{
field: 'kibana.alert.rule.parameters.criteria.customMetric.field',
value: [''],
},
{
field: 'kibana.alert.rule.parameters.criteria.customMetric.type',
value: ['custom'],
},
{
field: 'kibana.alert.rule.parameters.criteria.timeUnit',
value: ['d'],
},
],
ecs: {
'@timestamp': ['2022-07-21T22:38:57.888Z'],
_id: '3fef4a4c-3d96-4e79-b4e5-158a0461d577',
_index: '.internal.alerts-observability.metrics.alerts-default-000001',
event: {
action: ['active'],
kind: ['signal'],
},
kibana: {
alert: {
reason: [
'CPU usage is 37.8% in the last 1 day for gke-edge-oblt-pool-1-9a60016d-7dvq. Alert when > 10%.',
],
rule: {
consumer: ['infrastructure'],
name: ['test 1212'],
uuid: ['15d82f10-0926-11ed-bece-6b0c033d0075'],
},
workflow_status: ['open'],
},
},
timestamp: '2022-07-21T22:38:57.888Z',
},
},
});
});
});